mac_gyver

you must ALWAYS check for and handle query errors. there are multiple possible reasons that any query can fail. for some quick debugging, just echo mysqli_error($mysqli); on the next line after your mysqli_query() statement, assuming you have a valid database connection in $mysqli. do you have php's error_reporting set to E_ALL and display_errors set to ON so that php would help you by reporting and displaying all the errors it detects?

your query isn't matching any row(s). for this condition, which isn't a query error, the ->fetch() method returns a boolean false and the ->fetchAll() method returns an empty array. do the two form variables contain what you expect? are you using the same hashing method on the password when trying to login as when the account was registered (note: md5() is not suitable for hashing passwords. see the password_hash()/password_verify() functions.) is your pass field in the database table large enough to hold the hashed password? and in your viewProtectedArea() method, the catch block for the pdo exception needs to do SOMETHING with the error information . just listing the $exc->getMessage(); on a line doesn't do anything with the value. you should log the error information on a live server and display the information when developing/debugging. if you use php's trigger_error() statement, rather than an exit()/die() statement to handle the error message, it uses php's error_reporting/display_errors/log_errors settings to control where the error information goes to. edit: you would want to use something like this to handle the pdo exception message - trigger_error("Query: $query, Error: {$e->getMessage()}, File: {$e->getFile()}, Line: {$e->getLine()}"); you should be forming your sql statement in a php variable, i.e. $query in this example, so that you can include it in the error handling.

the answer is it depends. it depends on if they provided a default admin account or on what the admin side code is doing. you would need to investigate what if anything was stored in the any database tables associated with authentication/permissions or what the code is doing to identify an admin login. without knowing what script you are using, there's no way of providing any definitive answer due to the multiple different possible ways any one thing could be accomplished in a program.

that particular error is because you cannot bind sql syntax. you can only bind data values. your uname='$user' OR uname='$user' ... syntax cannot be bound into the query. you don't even need the section of code where the error is at. you should be JOINing the user table to the friends table to get the avatar in the same query where you are getting the friends. in fact, all the queries you have shown can be replaced with one query (you would randomize the two different sections of the results, assuming you really want to randomize anything, by pre-processing the rows in your php code to store the two different sections of the results in their own array, then randomize each of those arrays in the php code.) your code also has a problem with the first query. you cannot bind ONE parameter to multiple place-holders when using prepared queries. you would need to use two differently named place-holders and bind the $uname_s variable twice. the reason you aren't getting any php/mysql errors is because your pdo instance is emulating prepares and for emulated prepares, you can bind one parameter to multiple same-name place-holders (thanks php, NOT, for being consistent and doing what the documentation states.)

the OP's phpinfo() output lists a Windows 7 Pro operating system, which is probably his development system, not the web host where he is having the error at. so, what that output from a phpinfo() statement on your web hosting or was that on your localhost xampp system?

in your else {} logic, that corresponds to a failed prepare statement, the error information would be available in $db_connect->error, not in $stmt->error.

the form is probably submitting to process2.php, but process2.php is redirecting back to form.php ^^^ why are you testing if those two values are not equal to a string consisting of a space " "? wouldn't you want to test each if those values are not an empty string "" and then produce a separate message for each one that is empty?

the error information would be accessible via - $db_connect->error

your loop should only be retrieving the data, forming the $message body with the data values, clearing any previous To: address (see the ClearAddresses() method), set the To: address from the data, and call the send() method. all the rest of the phpmailer related logic should exist only once and come before the start of your loop. you would also want to check if the send() method indicated success or failure. if it failed, log the error information and the user's email address. if it was successful, you would probably want to set a status value somewhere to indicate that the email was sent (though this is no guarantee that it was received) so that you don't repeatedly send the same reminder email.

rather than to try and make your existing code 'work' (the comma separated list you are showing as a value makes no sense - the type and the meal number is known from the select name and don't belong in each option value), just define what data you have and what result you want to produce from that data. i gather that $data is an array that somehow contains the possible choices for meat, fruit, and vegs? your goal would be to produce the <option></option> list for for each type, using the $type variable to select what part of the $data to use. the value='...' attribute that you produce should be just be an identifier for the choice. the display label should indicate to the user what each choice means. if the option list is always the same for any type, all three meals each day and all 7 days of the week are the same, you would produce the option choices ONCE, store the result in a php array variable, using the type as the array index, then simply output them when needed, using the $type variable to select which one you output. so, what does the $data array look like?

https://en.wikipedia.org/wiki/Web_search_engine

your would queue the email messages in a database table and use a cron job/scheduled task to actually send them.

as to having a huge amount of code, you should be dynamically producing the forms and dynamically processing the form data. for the form you posted above, you have a hidden field that indicates that day of the week. you will know that all the form fields correspond to that day. you don't need to include the day as part of the form field name. you have two (or more) types of items being selected - meat, fruit. the form field name should just be that type. you are doing this for three meals a day. if you use an array name for the select name, you can use the meal number as the array index, i.e. name='meat[1]', name='meat[2]', name='meat[3]', same for fruit[1], fruit[2], fruit[3] and any other types. if you have a list of the types, you would loop over that list as well, rather than hand-coding all of this out. the submit button doesn't need to be named because you have the hidden field with the name. see this example code that produces 7 days of forms, with 3 meals per day, with whatever different types you have - $days = array('Sunday','Monday', 'Tuesday', 'Wednesday', 'Thursday', 'Friday' ,'Saturday'); $num_meals = 3; $types = array('meat','fruit'); foreach($days as $day){ echo "<h4>$day</h4>"; echo "<form method='post' action=''>"; echo "<input type='hidden' name='dayofweek' value='$day'>"; foreach(range(1,$num_meals) as $meal_number){ echo "<h5>Meal $meal_number</h5>"; foreach($types as $type){ echo "$type: "; echo "<select name='{$type}[$meal_number]'>"; echo "<option>build your option list in a loop using the variables present - \$day, \$type, \$meal_number to select which data to use</option>"; echo "</select><br>"; } } echo "<input type='submit' value='Save'>"; echo "</form>"; } if you in fact want only ONE form around all the days, you wouldn't use the hidden field with the day in it. you would add a second dimension to the form field array names. the first dimension would hold the day name (the day number would be better). the second dimension would be the meal number.

you would add a unique composite key to your database table consisting of those three columns.

yes, and what if your category values have been referred/linked/bookmarked to by visitors to your site. they would expect to be able to revisit your site and have their links/bookmarks take them to the same category information if it still exists. unless you are using test data in your tables that you will completely delete and start over with real data, you wouldn't ever alter the referral values between tables after it exists.

to get you going, here is your index.php code, rearranged as suggested - <?php // 1) initialization - create/define things your code needs - session_start(), require files holding configuration data/function definitions, setup an autoloader for class definitions... session_start(); $errors = array(); // holds error messages. if empty, no errors, if not empty, at least one error. $products = array(); $products['MMS-1754'] = array('name' => 'Flute', 'cost' => '149.50'); $products['MMS-6289'] = array('name' => 'Trumpet', 'cost' => '199.50'); $products['MMS-3408'] = array('name' => 'Clarinet', 'cost' => '299.50'); require_once('cart.php'); // 2) start of database dependent code - create a database connection. if you are using exceptions to handle database errors, this would be where the try block starts. // none in this example // 3) determine user state and permissions - check if the current user is logged in and retrieve any permissions the user has. the rest of the code on the page would make use of the logged in state and permissions to determine what code can be ran and what content will be produced. // if you were doing this for real, you would require that the user be logged in/authenticated at some point // 4) post method form processing - the post method form processing code, which creates/modifies/deletes data on the server, should come near the start of your file so that you aren't tempted to output anything to the browser before any data has been updated by the processing code. if your page has multiple sections of form processing code, you would have them all groped together in this section of code. if($_SERVER['REQUEST_METHOD'] == 'POST'){ $action = filter_input(INPUT_POST, 'action'); switch($action) { case 'add': $product_key = filter_input(INPUT_POST, 'productkey'); $item_qty = filter_input(INPUT_POST, 'itemqty'); add_item($product_key, $item_qty); break; case 'update': $new_qty_list = filter_input(INPUT_POST, 'newqty', FILTER_DEFAULT, FILTER_REQUIRE_ARRAY); foreach($new_qty_list as $key => $qty) { if (true) { update_item($key, $qty); } } break; case 'empty_cart': break; } if(empty($errors)){ // after successfully (no errors) processing any post data, do a header() redirect to the exact same url that the form submitted to. this will cause a get request for your page. this will cause the browser to forget that a form was submitted and it won't try to resubmit the form data if you refresh the page or browse back to the same url. this also enforces separation of concerns. post method form processing, which modifies data on the server is a separate concern from displaying data due to a get request for your page. if you want to display a one-time 'success' message after the header() redirect, pass it in a session variable, then clear he session variable after the the message gets displayed. $host = $_SERVER['HTTP_HOST']; $uri = $_SERVER['REQUEST_URI']; header("Location: http://$host$uri"); die; } // if there are errors while processing any post data, you would not redirect, stay on the page, let the rest of the code on the page display the errors, (re)display the form, and repopulate the form fields with the previously submitted values. } // 5) get method business logic - code that produces/gets data needed for the dynamic content on the page. this code contains any database specific code that knows how to retrieve data from your database tables. the result of this code should be php variables that the code later on the page uses as its input. this code should contain NO html/css/javascript markup. // since this code is using an array to define the product information, not used in this example $action = filter_input(INPUT_GET, 'action'); // condition the get method action input switch($action) { case 'show_cart': // not used in this example break; case 'show_add_item': default: // not used in this example break; } // 6) end of database dependent code - if you are using exceptions to handle database errors, you would catch the errors at this point. you can also destroy any query result resources and the database connection at this point since you won't need them any longer. //none in this example //7) get method presentation logic - // code that knows how to take the data (database data, errors, form data...) from ALL the above code and // produce the dynamic output for the page. if the output doesn't require any 'heavy' processing/formatting, // just use the data directly in the html page/template code. the result from this code should be php variables // that the html page/template uses. this code should contain NO database specific statements. if your page // has multiple sections of get method presentation logic, you would have them all groped together in this // section of code. switch($action) { case 'show_cart': ob_start(); // capture the result of the included file include 'cart_view.php'; $main_content = ob_get_contents(); ob_end_clean(); break; case 'show_add_item': default: ob_start(); // capture the result of the included file include 'add_item_view.php'; $main_content = ob_get_contents(); ob_end_clean(); break; } // html page/template - this section starts with the <!DOCTYPE ... tag and ends with the </html> tag. it is the actual html document that the dynamic output is put into to make the complete page. only simple php conditional logic/loops, function calls (that are responsible for producing output), and echo statements should be present in this section of code. ?> <!DOCTYPE html> <html> <head> <title>My Guitar Shop</title> <link rel="stylesheet" type="text/css" href="main.css"> </head> <body> <header> <h1>My Guitar Shop</h1> </header> <main> <?php if(!empty($errors)){ echo 'The following error(s) occurred:<br>'; foreach($errors as $error){ echo "$error<br>"; } } ?> <?php echo isset($main_content) ? $main_content : ''; ?> </main> </body> </html> note: i didn't actually 'fix' anything in your code. in fact, for the places with php syntax errors due to incomplete logic, i just added a true keyword so that the code didn't throw any php syntax errors. faking/fixing up the php syntax and removing the common start/end of the html document from the two view files, lets your code run, but not necessarily do what you want, within the suggested page layout.

actually, that's not specific enough for us to help you. we already know your code isn't working/broken/doesn't do what it is supposed to do because you are posting a topic on a programming help forum. if it was working/not broken/does do what it is supposed to do, you wouldn't be posting here. to get help, you must post actual errors and the code that they correspond to, symptoms (the output you actually observed, even if the output was a blank page) and at what point in the process they occurred, or specific questions.

since you didn't ask any specific question, which is what we need in order to specifically help you with any problem you are having, here's a general list of things about your current code - 1) post method form processing code should be separate from any get method code. these are two separate concerns and should be completely separated in your code. post method form processing code should check if a form was submitted at all, validate any inputs, and create/update/delete the data. after you successfully (no errors) process any post method form data, you should do a header() redirect back to the exact same url of the page. this will cause a get request for your page. you can then display the result of what the form processing code altered. 2) your cart should only contain the key (item id) and the quantity. all the other information is derived data and should not be stored in the cart. 3) don't use the global keyword to bring data into a function. pass any input data into a function as a call-time parameter. 4) you should only have ONE instance of your main html document. everything that is common from the <!DOCTYPE tag through to the </html> tag should be a single 'template'. only the content section that's different should be in your view. you should store the output from processing the view code in a php variable, then just echo that php variable in the one main html/document template at the correct location. i would either put or include the main html document at the end of your index.php file. 5) in cart_view.php, to display the contents of the cart, loop over the cart data (which will be just the item keys and quantities), use the key to get the name and cost from the $products array, calculate the item total from the quantity and the cost, and sum up each item cost to get the order total. simplifying the cart to only hold the key/quantity will make a lot of your php code go away. also, i just noticed that you don't have any session_start() in the code, so none of your $_SESSION variables will work. you need to have php's error_reporting set to E_ALL and display_errors set to ON (preferably in your php.ini) to get php to help you by reporting and displaying all the errors it detects. if you layout the code in your main file like suggested at the following link, it will help organize and make your code foolproof (a session_start() would be part of the initialization section) - http://forums.phpfreaks.com/topic/297824-database-issues-and-working/?do=findComment&comment=1519095

@hansford, it's usually better to state what's wrong, rather than to post 'fixed' code. by stating what the problem is, some learning will take place, rather than mimicking. the OP may not even realize everything you changed in the code.

your query statements are definitely producing an error, due to the LIMIT clause being supplied string values. do you have PDO's error mode set to exception (you have to specifically do this after you make the database connection) so that any of the errors from the PDO statements will throw an exception (that you can catch in one place to handle db errors) to let you know they failed? at a minimum, the two bound parameters for the LIMIT ?, ? must use PDO::PARAM_INT for the types and you cannot pass these in the ->execute() method (it treats all values as strings) and since you are binding the parameters, you shouldn't be passing anything in the ->execute() method. also, if the two values for the LIMIT x,y are entirely produced within your code, there's no need to bind them into the query, just put them directly in the query statement.

your database query would retrieve the data you want, in the order that you want it. you would store the data from the query into an array, then extract the heading information from the array of data. then just loop over the data and output it the way you want it. see the following post for an example of doing this - http://forums.phpfreaks.com/topic/298003-data-display-in-wrong-column/?do=findComment&comment=1520525

if this portion of your ajax is basically just moving functionality from the server to the browser, for when javascript is enabled, you can practice DRY (Don't Repeat Yourself) programming. you already have server-side code that's producing the values, html, .... instead of outputting those values/html when the page is requested, output them as 'generic' json encoded data in the ajax response. see the following example. code on your main page - <!DOCTYPE html> <html> <head> <meta charset="utf-8"> <title>Generic ajax - use server output to dynamically specify and populate elements in the dom without writing out code for each different thing</title> <script src="http://ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js"></script> <script type="text/javascript"> $(document).ready(function(){ $("button").click(function(){ $.ajax({ url: 'api.php', data: "", //optional data to pass to api.php dataType: 'json', success: function(data) { var vals = data.val; // text and textarea values if(vals){ $.each(vals, function(key, value){ $(key).val(value); }); } var htmls = data.html; //inner html if(htmls){ $.each(htmls, function(key, value){ $(key).html(value); }); } var styls = data.styles; //css class name if(styls){ $.each(styls, function(key, value){ $(key).attr("class", value); }); } var sels = data.sel; // select/option - selected if(sels){ $.each(sels, function(key, value){ var v = value != '' ? true : false; $(key).prop("selected", v); }); } var checks = data.che; // radio and checkbox - checked if(checks){ $.each(checks, function(key, value){ var v = value != '' ? true : false; $(key).prop("checked", v); }); } } }); }); }); </script> </head> <body> <form method='post' action='your_formaction.php'> <div id='seats'></div> <input type='submit'> </form> <button>DEMO button to Get JSON data. You can also just automatically load the data when the page is ready in the browser.</button> </body> </html> example api.php code - <?php // the first array index is the 'type' that corresponds to the val, html, styles, ... in the javascript code // the second array index is the jquery selector (typically an id selector '#id') that will be used by the javascript code // output sample data - // html example $number_value = 3; $content = "<select name='seat'>"; foreach(range(1,$number_value) as $value){ $content .= "<option value='$value'>$value</option>\n"; } $content .= "</select>"; $array['html']['#seats'] = $content; // val/value example $array['val']['input[name="course_number"]'] = $course_number; // from wherever you are getting the course number echo json_encode($array); this method can replace your existing .val(), .html() usage. i have included one .val() example that should work with your existing page.

this is the whole point of variables and control structures in programming. you can set a variable to any value, from wherever you want, and use control structures, such as a loop, to test/use the value that's in the variable to determine what to do. foreach(range(1,$number_value) as $value){ echo "<option value='$value'>$value</option>\n"; }

your form should submit the id and you should store the id in the second table to relate the row in the second table back to the source information in the first table. information like the sitename/username should only exist once, in the source table where it is defined/stored.

here's an example - <?php session_start(); // post method form processing code if($_SERVER["REQUEST_METHOD"] == "POST") { // load if(isset($_POST['load'])){ // process the groupid input, for brevity, just save it in the session variable // you would normally validate/cast it as a positive integer and detect if one of the choices has been selected $_SESSION['groupid'] = $_POST['groupid']; // do whatever processing you want when a groupid has been selected } // dump if(isset($_POST['dump'])){ // do whatever processing you want for this condition // clear the groupid unset($_SESSION['groupid']); } // any other post method form processing code.... } ?> <?php // at the part of your code where you are producing the output for the form - ?> <form method='post'> <select name="groupid" <?php echo isset($_SESSION['groupid']) ? 'disabled':''; ?>> <option value='0'>GROUP</option> <?php foreach(range(1,10) as $group){ // you should be retrieving the group numbers from wherever you have the group information stored, not hard-coded in the code $sel = isset($_POST['groupid']) && $_POST['groupid'] == $group ? 'selected' : ''; echo "<option value='$group' $sel>$group</option>\n"; } ?> </select> <?php if(!isset($_SESSION['groupid'])){ // no groupid selected echo "<input type='submit' name='load' value='Load'>"; } else { // a groupid is selected, output the stuff for when there is a groupid echo "<input type='submit' name='dump' value='Dump'>"; // whatever else you want to output } ?> </form> if would help you greatly in creating the program logic that does what you want if you organize your code with the form processing code grouped together and the code that produces the output on your page grouped together.